https://github.com/OTRF/API-To-Event

A repo to document API functions mapped to security events across diverse platforms
https://github.com/OTRF/API-To-Event

Last synced: 20 days ago
JSON representation

A repo to document API functions mapped to security events across diverse platforms

• Host: GitHub
• URL: https://github.com/OTRF/API-To-Event
• Owner: OTRF
• License: gpl-3.0
• Created: 2019-07-08T04:10:45.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2019-11-01T02:07:46.000Z (over 6 years ago)
• Last Synced: 2026-02-26T01:27:21.744Z (about 2 months ago)
• Size: 24.4 KB
• Stars: 74
• Watchers: 7
• Forks: 18
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-csirt - API-To-Event - forge](https://github.com/hunters-forge/notebooks-forge), [BloodHound Notebooks](https://github.com/hunters-forge/bloodhound-notebooks) (Blue Team / Threat Hunting)

README

          
# API-To-Event

A repo focused primarily on documenting the relationships between API functions and security events that get generated when using such functions. This project leverages other projects to be able to validate and abstract the use of those apis:

* Windows

    * [PSReflect-Functions](https://github.com/jaredcatkinson/PSReflect-Functions)

    * [PurpleSharp](https://github.com/mvelazc0/PurpleSharp)

* AWS

    * [Boto3](https://github.com/boto/boto3)

    * [Pacu](https://github.com/RhinoSecurityLabs/pacu)

In addition, any dataset generated while testing and validating events will be stored in the [Mordor](https://github.com/Cyb3rWard0g/mordor) project.

# Goals

* Share lists of API functions mapped to security events

* Help security analysts to understand what it is that can trigger specific security events

* Enhance detections adding context on API functionality

# Getting Started

* [List of API-To-Events](https://docs.google.com/spreadsheets/d/1Y3MHsgDWj_xH4qrqIMs4kYJq1FSuqv4LqIrcX24L10A/edit?usp=sharing)

# Authors

* Roberto Rodriguez [@Cyb3rWard0g](https://twitter.com/Cyb3rWard0g)

# Contributing

There are a few things that we would like to accomplish with this repo as shown in the To-Do list below. Share new API functions mapped to security events.

# License: GPL-3.0

[ API-To-Event's GNU General Public License](https://github.com/Cyb3rWard0g/API-to-Event/blob/master/LICENSE)

# To-Do

- [ ] Map project mappings to Mordor datasets (ATT&CK)

- [ ] Document AWS APIs to CloudTrail Logs

More coming soon...